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WHAT IS CLAIMED IS: 

1 . A method comprising: 

replicating a change to data from first data storage in a first security domain to a second 
security domain, wherein 

the first security domain and the second security domain are independent of each 
other; and 

completing the change to the data in the first security domain in response to receiving an 

acknowledgement that the change to the data has been stored in second data storage in 
the second security domain. 

2. The method of claim 1 wherein 

the replicating is performed over a controlled link from a first host in the first security domain 
to a second host in the second security domain. 

3. The method of claim 2 wherein 

only the controlled link couples the first host to the second host. 

4. The method of claim 1 wherein 

a first host controls access to the first security domain; and 
a second host controls access to the second security domain. 

5. The method of claim 4 further comprising: 

the first host accessing data stored in the second security domain by requesting the data 
stored in the second security domain from the second host. 

6. The method of claim 4 wherein 

the second data storage is inaccessible directly by the first host. 

7. The method of claim 4 wherein 

the first data storage is inaccessible directly by the second host. 

8. The method of claim 1 wherein 
the completing the change comprises 

notifying an application making the change to the data that the change is complete. 

9. The method of claim 1 further comprising: 

using the data from the second data storage when the first data storage fails. 
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10. The method of claim 1 further comprising: 
reading a first portion of the data from the first data storage; and 

requesting a second portion of the data from a second host coupled to the second data storage. 

1 1 . The method of claim 1 wherein 

the first data storage and the second data storage are not connected to one network. 

12. The method of claim 1 further comprising: 

replicating a second change to the data in the first data storage to the second security domain 
after the acknowledgement is received. 

13. The method of claim 12 further comprising: 

completing the second change in the first security domain when a second acknowledgement 
is received that the second change to the data has been stored in the second storage 
area. 

14. The method of claim 1 further comprising: 

restoring the data in the first data storage from the second data storage when the data are , 
corrupted. 

15 . The method of claim 1 wherein 

the first data storage comprises a log. 

16. The method of claim 1 further comprising: 

saving a version of data stored in the second clata storage prior to storing the change to the 
data in the second data storage. 

17. The method of claim 16 wherein 

both the version of the data and the change to the data are accessible after storing the change 
to the data in the second data storage. 

18. The method of claim 1 wherein 
the second data storage comprises a log. 

19. The method of claim 18 further comprising: 
constructing a current version of the data from the log. 

20. The method of claim 1 wherein 
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the second data storage comprises 
a log, and 
a storage volume. 

21 . The method of claim 20 further comprising: 
writing the change to the data to the log; and 

writing the change to the data from the log to the storage volume. 

22. The method of claim 21 further comprising: 

allocating space in the second data storage for the change to the data when writing the change 
to the data from the log to the storage volume. 

23. The method of claim 20 further comprising: 
writing an oldest change to the data from the log to the storage volume. 

24. The method of claim 1 wherein 
the second data storage comprises 

a log, 

a storage volume, and 

a set of snapshots of the storage volume. 

25. The method of claim 24 further comprising: 
periodically making a new snapshot of the set of snapshots. 

26. The method of claim 25 further comprising:. 

allocating a portion of the second data storage for storing the new snapshot when the new 
snapshot is made. 

27. The method of claim 26 wherein 

the portion comprises storage for each block of a plurality of blocks in the storage volume. 

28. The method of claim 24 wherein 

at least one of the set of snapshots is a copy-on-write snapshot. 

29. The method of claim 28 wherein 

the copy-on-write snapshot is a most recent snapshot of the set of snapshots. 

30. The method of claim 28 further comprising: 
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writing the change to the log, 

writing a version of data in the storage volume to the copy-on-write snapshot, and 
writing the change to the data to the storage volume after writing the version of the data to the 
copy-on-write snapshot. 

3 1 . The method of claim 24 wherein 

at least one of the set of snapshots is an instant snapshot. 

32. The method of claim 24 further comprising: 

combining data from at least two snapshots of the set of snapshots into a combined snapshot; 
and 

deleting the at least two snapshots. 

33. The method of claim 32 wherein 

the at least two snapshots were created at adjacent points in time. 

34. The method of claim 1 wherein 
the second data storage comprises 

a log, 

a storage volume, and 

a set of overlay storage objects, wherein 

each overlay storage object of the set comprises respective data to be applied 
to the storage volume. 

35. The method of claim 34 further comprising: 
writing the change to the data to the log; 

writing the change to the data from the log to one overlay storage object of the set. 

36. The method of claim 35 wherein 

the one overlay storage object is a most recent overlay storage object of the set. 

37. The method of claim 34 further comprising: 
reading data in the second data storage by 

reading the respective data from at least one overlay storage object of the set of 

overlay storage objects, and 
reading other data in the second data storage from the storage volume. 
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the reading the respective data comprises reading the respective data in an order determined 
by a respective time for that each overlay storage object was created. 

39. The method of claim 34 further comprising: 

writing the respective data from one overlay storage object of the set of overlay storage 
objects to the storage volume. 

40. The method of claim 39 wherein 

the one overlay storage object is an oldest overlay storage object of the set. 

41 . The method of claim 39 further comprising: 
deleting the one overlay storage object. 

42. A system comprising: 

replicating means for replicating a change to data from first data storage in a first security 
domain to a second security domain, wherein 

the first security domain and the second security domain are independent of each 
other; and 

completing means for completing the change to. the data in the first security domain in * . 

response to receiving an acknowledgement that the change to the data has been stored 
in second data storage in the second security domain. 

43. The system of claim 42 wherein 

the replicating means perform the replicating over a controlled link from a first host in the 
first security domain to a second host in the second security domain. 

44. A system comprising: . . 

a replicating module configured to replicate a change to data from first data storage in a first 
security domain to a second security domain, wherein 

the first security domain and the second security domain are independent of each 
other; and 

a completing module configured to complete the change to the data in the first security 

domain in response to receiving an acknowledgement that the change to the data has 
been stored in second data storage in the second security domain. 

45. The system of claim 44 wherein 
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the replicating module is configured to perform the replication over a controlled link from a 
first host in the first security domain to a second host in the second security domain. 

46. The system of claim 44 further comprising: 

a using module configured to use the data from the second data storage when the first data 
storage fails. 

47. The system of claim 44 further comprising: 

a reading module configured to read a first portion of the data from the first data storage; and 
a requesting module configured to request a second portion of the data from a second host 
coupled to the second data storage. 

48. The system of claim 44 further comprising: 

a restoring module configured to restore the data in the first data storage from the second data 
storage when the data are corrupted. 

. 49. A computer-readable medium comprising: 

replicating instructions configured to replicate a change to data from first data storage in a 
first security domain to a second security domain, wherein 

the first security domain and the second security domain are independent of each 
other; and 

completing instructions configured to complete the change to the data in the first security 

domain in response to receiving an acknowledgement that the change to the data has 
been stored in second data storage in the second security domain. 

50. The computer-readable medium of claim 49 wherein 

the replicating instructions are configured to perform the replication over a controlled link 
from a first host in the first security domain to a second host in the second security 
domain. 

5 1 . The computer-readable medium of claim 49 further comprising: 

using instructions configured to use the data from the second data storage when the first data 
storage fails. 

52. The computer-readable medium of claim 49 further comprising: 
reading instructions configured to read a first portion of the data from the first data storage; 

and 
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requesting instructions configured to request a second portion of the data from a second host 
. coupled to the second data storage. 

53. The computer-readable medium of claim 49 further comprising: 

restoring instructions configured to restore the data in the first data storage from the second 
data storage when the data are corrupted. 
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